@node Why
@unnumbered Why I created it?

@itemize

@item I am tired that various HTTPS clients (like browsers and feed
aggregators) use TLS libraries with different feature set. NSS, GnuTLS,
OpenSSL... All of them sucks, comparing to Go's @code{crypto/tls}.

@item I am tired that everyone provides very limited certificates trust
management capabilities, like either certificate or SPKI
@url{https://en.wikipedia.org/wiki/Certificate_pinning, pinning} with
@url{https://en.wikipedia.org/wiki/Trust_on_first_use, TOFU}. Even my
beloved @url{https://en.wikipedia.org/wiki/Xombrero, Xombrero} browser
still pins only the whole certificate, but its public key would be much
more sufficient and convenient to work with.

@item I am tired that many clients provides very few information about
certificates and connections at all.

@item I hate that hardly anyone can control (no automatic silent
transparent following) HTTP redirections. Although Firefox (I used many
ears ago) had proper extensions for that.

@item I am sick of tiny control on URLs. The best you can is to use some
kind of @url{https://en.wikipedia.org/wiki/Privoxy, Privoxy}, but it is
not friendly with TLS connections, obviously. Or use yet another
browser-specific plugin.

@item Xombrero sometimes has problems with HTTP-based authorization.

@item Hardly anyone does
@url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE}
checks.

@item And there is insanity of fonts downloading.
Why the hell people just do not send PostScript documents instead!?

@item And wonderful @url{http://jpegxl.info/, JPEG XL} image format is
not supported by most browsers. Even pretty old
@url{https://developers.google.com/speed/webp, WebP}, that has highest
compression ratio for lossless screenshots, is not supported everywhere,
especially on old browsers.
@url{https://aomediacodec.github.io/av1-avif/, AVIF} could be useful too.

@item None of web browsers has ability to view web archives
(@url{https://en.wikipedia.org/wiki/Web_ARChive, WARC}s). And most of
WARC-related software is written on Python, that nowadays is close to be
impossible to install and use with all its broken dependencies system.

@item And yet another piece of software is needed for browsing the
@url{https://en.wikipedia.org/wiki/Gemini_(protocol), geminispace}?
Too many bicycles already!

@end itemize

That is why I wrote @command{tofuproxy} -- pure Go HTTP proxy, MitMing
all HTTPS connections on the fly. It is written for my personal needs
exclusively, so many features are just directly hard-coded, instead of
creating some kind of complex configuration framework.